Tmp Soul Evolver

Security checks across malware telemetry and agentic risk

Overview

The skill matches its stated memory-evolution purpose, but it automatically sends local memory to MiniMax and persistently changes agent identity files, so it needs careful review before use.

Install only if you are comfortable with scheduled memory analysis, external MiniMax processing of memory snippets, and automatic edits to identity files. Prefer dry-run/manual mode, fix the install path mismatch, disable broad hawk-bridge reading unless needed, and require review before any generated update is written.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI06: Memory and Context Poisoning
High
What this means

Bad or manipulated memory entries could become lasting instructions or user-profile facts that affect future sessions.

Why it was flagged

The skill is designed to run automatically and update persistent identity files from memory-derived patterns, which can make mistaken or adversarial memory content persist across future agent behavior.

Skill content
    hooks:
      soulforge-evolve:
        description: "Scheduled memory evolution: reads memory/*.md, analyzes patterns with MiniMax, updates SOUL.md/USER.md/IDENTITY.md"
        type: agentTurn
        session: isolated
        schedule: every 120m
Recommendation

Use manual dry-run review by default, require explicit approval before writing identity files, and restrict which memory sources can be promoted.

ASI02: Tool Misuse and Exploitation
High
What this means

If a model-produced or memory-influenced pattern names an unexpected path, the skill may append content outside the intended identity files under the user's permissions.

Why it was flagged

The write target is taken from a discovered pattern and then used as a filesystem path for appending content; the provided sink does not show an allow-list or rejection of absolute paths or '..' traversal.

Skill content
target = pattern.target_file ... result = self._apply_to_file(filename, file_patterns, dry_run) ... file_path = self.workspace / filename ... with open(file_path, "a", encoding="utf-8") as f:
Recommendation

Validate target_file against an explicit allow-list such as SOUL.md, USER.md, IDENTITY.md, MEMORY.md, AGENTS.md, and TOOLS.md, and reject absolute or parent-directory paths.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

Private conversation logs, user preferences, identity files, or workspace memories may be transmitted to MiniMax during scheduled or manual runs.

Why it was flagged

The analyzer packages local memory snippets and existing target-file content into a MiniMax chat request. This is disclosed and purpose-aligned, but it is automatic and lacks visible retention, exclusion, or per-run consent controls.

Skill content
for i, entry in enumerate(entries[:100]): ... lines.append(f"    Content: {entry.content[:300]}") ... lines.append(content[:1500]) ... urllib.request.Request(url, data=data, headers=headers, method="POST")
Recommendation

Disclose the exact data sent, add configurable exclusions/redaction, and require user confirmation before uploading memory contents.

ASI09: Human-Agent Trust Exploitation
Medium
What this means

Memories from a broader or shared vector store could influence identity updates or be sent to MiniMax unexpectedly.

Why it was flagged

The default configuration enables a global hawk-bridge database path outside the workspace, which weakens the documentation's claim that each agent only reads its own workspace memory sources.

Skill content
    "hawk_bridge_enabled": True,
    "hawk_db_path": "~/.hawk/lancedb",
    "hawk_table_name": "hawk_memories"
Recommendation

Disable hawk-bridge by default or make it workspace-scoped, and clearly document when data outside the workspace is read.

ASI04: Agentic Supply Chain Vulnerabilities
Medium
What this means

The command may fail or, if another local skill exists at that path, run code different from the reviewed package.

Why it was flagged

The evaluated registry slug is soul-evolver, but SKILL.md instructs execution from a soul-forge path, creating an install-path mismatch for the code being reviewed.

Skill content
exec python3 ~/.openclaw/skills/soul-forge/scripts/soulforge.py run
Recommendation

Correct all runtime examples and scheduled commands to the reviewed install path, and avoid hard-coded paths that do not match the published slug.

ASI03: Identity and Privilege Abuse
Low
What this means

The skill can consume MiniMax quota and submit analyzed memory content under the user's MiniMax account.

Why it was flagged

The MiniMax API key is expected for the stated purpose, but users should notice that the skill can use that account credential for external analysis.

Skill content
    env:
      MINIMAX_API_KEY:
        description: MiniMax API key for pattern analysis
        required: true
Recommendation

Use a dedicated, revocable MiniMax key and confirm the registry metadata accurately declares the required credential.